4.3
CVE-2011-2545
- EPSS 0.26%
- Published 13.06.2012 20:55:01
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Spa8000 8-port Ip Telephony Gateway Firmware Version <= 6.1.10
Cisco ≫ Spa8000 8-port Ip Telephony Gateway Firmware Version 5.1.12
Cisco ≫ Spa8000 8-port Ip Telephony Gateway Firmware Version 6.1.3
Cisco ≫ Spa8000 8-port Ip Telephony Gateway Version -
Cisco ≫ Spa8800 8-port Ip Telephony Gateway Firmware Version <= 6.1.7
Cisco ≫ Spa8800 Ip Telephony Gateway Version -
Cisco ≫ Spa2102 Phone Adapter With Router Firmware Version <= 5.2.12
Cisco ≫ Spa2102 Phone Adapter With Router Firmware Version 5.2.3
Cisco ≫ Spa2102 Phone Adapter With Router Firmware Version 5.2.5
Cisco ≫ Spa2102 Phone Adapter With Router Firmware Version 5.2.10
Cisco ≫ Spa2102 Phone Adapter With Router Version -
Cisco ≫ Spa3102 Voice Gateway With Router Firmware Version <= 5.1.10
Cisco ≫ Spa3102 Voice Gateway With Router Firmware Version 3.3.6
Cisco ≫ Spa3102 Voice Gateway With Router Firmware Version 5.1.7
Cisco ≫ Spa3102 Voice Gateway With Router Version -
Cisco ≫ Spa 500 Series Ip Phone Firmware Version <= 7.4.8
Cisco ≫ Spa 500 Series Ip Phone Firmware Version 7.3.7
Cisco ≫ Spa 500 Series Ip Phone Firmware Version 7.4.3
Cisco ≫ Spa 500 Series Ip Phone Firmware Version 7.4.4
Cisco ≫ Spa 500 Series Ip Phone Firmware Version 7.4.6
Cisco ≫ Spa 500 Series Ip Phone Firmware Version 7.4.7
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.26% | 0.467 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.